9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
397s
max time network
402s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (12).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1364	triage - Copy (12).exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1468	firefox.exe
Token: SeDebugPrivilege	1468	firefox.exe
Token: SeDebugPrivilege	1468	firefox.exe
Token: SeDebugPrivilege	1468	firefox.exe
Token: SeDebugPrivilege	1468	firefox.exe
Token: SeDebugPrivilege	1468	firefox.exe
Token: SeDebugPrivilege	1468	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1364	triage - Copy (12).exe
1468	firefox.exe
1468	firefox.exe
1468	firefox.exe
1468	firefox.exe
1364	triage - Copy (12).exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1364	triage - Copy (12).exe
1468	firefox.exe
1468	firefox.exe
1468	firefox.exe
1364	triage - Copy (12).exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1468	firefox.exe
1468	firefox.exe
1468	firefox.exe
1468	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 4292 wrote to memory of 1468	4292	firefox.exe	92
PID 1468 wrote to memory of 4220	1468	firefox.exe	95
PID 1468 wrote to memory of 4220	1468	firefox.exe	95
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 2712	1468	firefox.exe	96
PID 1468 wrote to memory of 4612	1468	firefox.exe	97
PID 1468 wrote to memory of 4612	1468	firefox.exe	97
PID 1468 wrote to memory of 4612	1468	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (12).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (12).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.0.182156737\1133413814" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26eca7fd-8022-4e89-9b32-5919590b90dd} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 1992 184e56e3a58 gpu
    3⤵
    PID:4220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.1.1493323880\203952969" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f179df8-0b05-434b-bcd2-1e71b5ff5001} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 2392 184e51e3858 socket
    3⤵
    - Checks processor information in registry
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.2.758250069\464585585" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3108 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0d518c7-b688-4516-9176-6ae1bb6c46d5} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 3104 184e565f458 tab
    3⤵
    PID:4612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.3.1988986484\1733346199" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe1cf84b-26b3-4cda-a84a-7a65bcaac5bf} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 3568 184d8a62858 tab
    3⤵
    PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.4.595152209\323240646" -childID 3 -isForBrowser -prefsHandle 3788 -prefMapHandle 3784 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd98f17-2ead-4153-a6fc-7f5938a46c49} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 3800 184ea5cba58 tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.5.818432554\70307572" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5036 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cce8a469-1172-47e7-800d-d7cfc44e382d} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 5024 184eb626158 tab
    3⤵
    PID:4504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.6.1254802889\1348704497" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8075b724-50c6-4059-a0c0-12e642f687a3} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 5136 184eb627958 tab
    3⤵
    PID:4952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.7.1359723112\1895634166" -childID 6 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8e35c74-24d6-4281-b107-6749ce9bd7fb} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 5340 184eb628e58 tab
    3⤵
    PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.8.987506021\1706625395" -childID 7 -isForBrowser -prefsHandle 5832 -prefMapHandle 5828 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb01117d-f258-4b16-8f37-e1fc889bf806} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 5808 184eca95e58 tab
    3⤵
    PID:5516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.9.1344495658\117605956" -parentBuildID 20221007134813 -prefsHandle 2804 -prefMapHandle 5996 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bc9dde8-53f3-4398-bf2f-601a490f60b8} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 5988 184d8a64758 rdd
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.10.440269712\2002400807" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5941b377-a542-44d3-9c10-688485e0bd90} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 2940 184ecb46d58 utility
    3⤵
    PID:5616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.11.1859091315\1716523041" -childID 8 -isForBrowser -prefsHandle 10148 -prefMapHandle 10152 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e70ae1b9-19bb-4fae-88f7-9e587eb7ae96} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 10188 184ecf4f158 tab
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.12.1155039253\1278996644" -childID 9 -isForBrowser -prefsHandle 10020 -prefMapHandle 10016 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7e4f956-0a19-4025-9051-d20548c207ce} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 10028 184ecf4f758 tab
    3⤵
    PID:5304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.13.1441681938\479696569" -childID 10 -isForBrowser -prefsHandle 5360 -prefMapHandle 5504 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46c34144-72ab-4721-aaf3-e9b9603210c0} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 5420 184ebf0c458 tab
    3⤵
    PID:5312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.14.66447860\1405191113" -childID 11 -isForBrowser -prefsHandle 4324 -prefMapHandle 10004 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fcc5fbc-401d-4789-a42b-b90f2df0288a} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 5368 184ebfdda58 tab
    3⤵
    PID:5776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.15.2140602041\661369510" -childID 12 -isForBrowser -prefsHandle 3300 -prefMapHandle 5980 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d771557-c216-4683-9c93-7706f7537afd} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 2804 184ec78c358 tab
    3⤵
    PID:5756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1468.16.718599628\617536211" -childID 13 -isForBrowser -prefsHandle 6020 -prefMapHandle 4852 -prefsLen 27785 -prefMapSize 233444 -jsInitHandle 1116 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7a42f17-0eba-47a4-851e-19dc925752d9} 1468 "\\.\pipe\gecko-crash-server-pipe.1468" 4764 184ec9def58 tab
    3⤵
    PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\11391

Filesize
8KB

MD5
56fa626d4b0d353af24be54abdae3ab6

SHA1
9644283ae1bf00173f901b3dcadc9fd0dbed620e

SHA256
ae7248b5d9b4016976bb8e08f4d13f01366919a8c06cdce1ce84d6554a069656

SHA512
0dea238cf1462662286e5e9d58cd82fd61ca8bd5be8b6ae79f362740dfeac0f298e65efc9b7daea38917139ed0c1f22c845be22aa6146bc661cf67da7d74b849

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\14355

Filesize
9KB

MD5
0a4f1d53f45b98af6ef291c0f3f4fafb

SHA1
c54974fd78a221cd86bd4b5af1efc0c6b96f47e1

SHA256
8851769f870dae1b56ecd762554cba6caa937282f3423198ba1e2cfcb3ee9fb7

SHA512
dcce300590dfbe1af5e826f0fc529d7c235b1674a2fc92495c9957c3a85d4e4bb8af25983e133b71518ad21bbf4d9ca1f9733b9b43993ad01b3bb218461c45cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\395

Filesize
9KB

MD5
dc85d679f484dddd531c3801e2775eac

SHA1
1c7247e1b26cebe6b757a510e02d96c76733ce1c

SHA256
e373ad5d02a135591112263b256709305c9843561e5677949432b577dfb4cc64

SHA512
f250b4932b31947251b611fc1d3a8d1a319e9fd72d64fcbe954320b37cc7c25dc45d0b0c4ae85faf02320b0d212a2eb4f130def18f5441d0883790d56a93283d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\cache2\doomed\9735

Filesize
8KB

MD5
95ea175ccea71609666c92921f17f238

SHA1
f76311f3655c00c8b53797025dbfaf462d80d3d2

SHA256
d11f3f41969c3acb9a6e6fbcaaa86441e5b9d983b892fcced5b30a1d364b5e1c

SHA512
215126e1175ad326ccb2e7b55c950231faf35460bd975e7636853fd04449c70123a0079f625882047224f96672493b03c96ad7b8e7352ba100f1a311d6e186b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
aafc84d7a3caacf8a36383a748e46b6f

SHA1
3712dfd455e2538f4adf1f79421acc17547e17db

SHA256
44caaaf5c70b5b0219f08d032052a55ed8e436f99a269e1c643d57406fa43093

SHA512
bb08e3155415a160819c5d83ea1a7717f5ac92b1707c10d873863d499dad5a7d7d40285df8357a558e44e202f8b5832507547df16851dbb90e20bec6f072ee73

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
919999d2195b70deab69f9e3fddd94d8

SHA1
47277c49261e1b65863498687567ff5cbd3f5bbb

SHA256
85407868f408f8d7e63b4ab60c600981201e028369a78697f371ced7854c6d86

SHA512
45a77876f75c465baa879627a873745eee2c177ea370a8c789f080558f0bf07505e263ac1bc873a41ebc9844a6f305775e675e50f56da716f489df5871bed108

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
c71e7879728684861cf18f6b9155ee52

SHA1
b4eb89ac0b6ade95ca9f723a6862bd87b6933d0d

SHA256
bf7310b2ca2a24bd57d915c21015bf80be103f3933e44c0014a476c8f5fd0c7e

SHA512
2412cd62f09cced4dee16e35e4be3b9e9e9c2714e4d5596d840cdcfa0227fa73b081d04eec67da61d835f155d46867cf2273456f9d5c5e2949f472d05eff4fb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\10385a9e-85e2-4ba5-9658-ca6468ba8a35

Filesize
746B

MD5
fcee998bfa07210e21f6999cd8e7f3ba

SHA1
14e2d503e38600e613579a39e27cd7fe9be251f6

SHA256
6e00073b009d400cb51a6df2930c34fb7f0bdbdc2e1b27bd088d7382ea6c1828

SHA512
9a64d14237885f8e967bac53ddab21894243e9432b9cf7d143f06c856def7f02f77310f9afe9bf10fa286523b538e676f74423c6f8b44571f3fd95dacca7b140

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\datareporting\glean\pending_pings\10d357a4-f199-488f-872c-56a5e946cf30

Filesize
11KB

MD5
7446d8bf405ff9b7fbf674f72fe2d30f

SHA1
4d8b558a12b7022f1b9ce6b1bd6479258765703c

SHA256
0635a86e798f45488d1e4c76de1bf19a5311816dba05bbb6ce2f9b469d7f116d

SHA512
16a72ae7887b33f5cedc75509d312daf3b2e2b68f76324a706235f7067816f85998866eb5eb4902ec08a63a97a3f4e7b0d7e1f04af744b515b2c9827936b173e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\favicons.sqlite-wal

Filesize
352KB

MD5
e15f5681d3a9866bb63b199b8a7a1ab3

SHA1
37d0f2a072f3e48465b0937ffb7ef6d5d1a8c276

SHA256
dd4b8eeffd1225282e652406917bd82b007ccea98dca8c376a3006052517e90c

SHA512
0a17951520ff3565c686a36db497b06b9be37c5b144e6ac980e340c62885df6bca6e52a41404f8f2801a5d946aabde092db61f71b507313090227d9fb1530faa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\places.sqlite

Filesize
5.0MB

MD5
f35ba31f440f2421e11c7596a57cecbf

SHA1
0e59446042239a3e3aabad209108815c15808816

SHA256
aad114b295684406af5fb8a104c0ddca98d6e1d6951a867cd3b2ef6db602b40c

SHA512
37856e8f7d0731fbe0693038333cbf51674e7f33c6c81cc596c0e9f82743e363f4ebc55e6c0bdd3bd97763b234ea259eb22028bff5b5838239e9c4989bda6af4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\places.sqlite-wal

Filesize
2.3MB

MD5
55b8b3b1c6b3ba3608a9a84c1e5b4911

SHA1
17dff6ab543ca5cc1f4d6a58b0d48fca931a89b9

SHA256
8d3589b9c77818590f67303eb34ba50080053cfbcc679264c3a325a291d75dcf

SHA512
aa10362e8176cb6011cb4f738f65f809458f4ac271a1f9dc60b9a86015b720a8e963f0e42d2507e73512890037b843065546a53ecab772a2638b419ae3e0fce6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
7KB

MD5
19262071867cfed214d170255fd357e0

SHA1
2a7d78f904b671f0a12227214bf00bc770462dc4

SHA256
1ac75bff3ce15a81e7816ae42eff5c756c6f2e193f78497cd6e13fbd3cf9ba72

SHA512
f25236059d9925f75d42c9ed504f9aec828d2a7c966c379b1a58a0a003c496bb3ac4ac46c0f98dcf97d22e0022316619b7e8cb53efea7ea9931e4c9b710bd31f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
7KB

MD5
e2030cac2c768ce21315398dc05d2e7b

SHA1
9db37b61f4c931427c59a4edeb42a923aeb960b6

SHA256
f4cebc606896476e2646b34eb8bc21c9bbb12f53403be06191285a85aedbc83a

SHA512
daea84306094f79c4e49e0ff026bc1dbec96fc261643d151e9ebd18aac9a0b5f0e34a062802b7d762543ea5f7d1b3d0444f3eacda5c185101bfa8d01600722fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
6KB

MD5
ad8428773f63808419604f8a1480c54f

SHA1
33284035e7900d86441cef71d5705548041e173b

SHA256
dbb4fd19025784f67a0f652eda36a1c0e57833c0ae76b8dc17f0a977db85de61

SHA512
bfef86d5fdc24a0908a1a64736b00fd44e7a20c55f157131fbe0a27c4ec313178569dcc0ba0b833eb913f21d6bcbf227719211a04ccf31fa20583f6dd9cffbb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
7KB

MD5
ad75563cf43982aa05eae67d99eef176

SHA1
d0a0b1976f0c372167156edbc7e551ce626e3f65

SHA256
ba03739f655082a25acf47b40339add611e93c7bd86cec8111e2241c421a5588

SHA512
8b28eaa729113378ee358f9cb6ce44d486ee2ea6611227cbe79813fb1aa1c6189987798098a99efc6be35b0cd7884914c2b246587746b9b9061e04170a7e5e88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
7KB

MD5
f86d5341cd19454e1f69cba713f15f9e

SHA1
0567837117a20ef07cf252b9ad81393fb788b4b9

SHA256
9ada32b21cd3ab21a4c268c15077957631444ea1d788631170f9e41376468429

SHA512
baba9f2d22cb05c716f28d6dac835ace220d7634d341dc3d8674c175c6a695010aea0c1f1aa0b79b063b573b96c169400cdaba6e414c6cf4c16abaee39d4cae5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\prefs-1.js

Filesize
6KB

MD5
941e57f44565ce6ff046e7085b01721d

SHA1
914ae1a635b66cb4de2b9d1027481dd27bd7f560

SHA256
8f11ed9d1210e22a15e4bd280ccdcabd95e04c6bf630fd67a75f22e15dfdcc6f

SHA512
9e754da3b2630aa44fc4996c96c54c4ea7fc3f299380c1f91f794e63eaeab9ca9529412b6d97da6ed641dd04e5e23c407c89e9145049d73d085daac0e65892f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
8a6863305ccfbbf1ed57f4ec99f227d5

SHA1
e5c1314ad2b93e4d7eecbf194d1b1cc507c484ee

SHA256
4e5abf1647f4f50ce752a05aabf30ef79c2a7c9de5461c49d54c5b715fcc13e0

SHA512
2bd3cc6e594deb335be4e65718c619620780e8af440285d63960ee8e50f1892c145e4ce11a9ea3d6b2d0a4d5f43daafb66e1f55de106c871610d196de4d7b219

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
cc6cc782df7cbc61ee116e3d76dc1057

SHA1
a61bdddb3eaa1fc1300bc4e30a642c7e7e21f8b6

SHA256
5a8a9522d3d70ac0bf66ef5fcd837a2fdac5e9073c5e7b04a938c36e79515b81

SHA512
e97719f2674cd1dc8f92018ed3bcb3048031ba6d5d195d8fc8a569385fab23457b6db9914b42262e208c88efa03df043396fa4baaa5515cd42d8e6c1a22d79bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
ebfd9c6a91daef30218d3a427c18c2d6

SHA1
5ad1e76e2f0fa0065c5a8f6f61b258e1f77922ee

SHA256
ab9df6bd9110237fb3791b06ced3917a8f82d74ceb41001e05f4db3b1fe1953f

SHA512
6d83c5e9710b00c0357fda0ddb0c035816c2babdbed3097bc78cc220be8cdcf762941b5ed39bab6afd70c9f50f91adb9a477ebc4ab20e6ae390962d7d6380067

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
40f1b32d42f1196c83f5f730c0816484

SHA1
3f26317c2938146444cbbfde6cc9fdb3777c2568

SHA256
5079b360d33b1107a1550326f8cb0dd55350a509ef43ae63abed0c25a03ebf1e

SHA512
afbaae8c23ac2fc2c6d5ea41ce6b6b2d7f120f1e01cffa33d5649af8eb31ed217210c42b6b091968a2244ee72c5dd7540da2d81ee426792e01e4100dae64e5fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
8228c06590653f4a3843e3fd3f91c386

SHA1
82baaa050c8ae3b54369e1cce5ee60c8781885bb

SHA256
4535d6bbdbd7b44644d659bf80f933febdb3cd207ddd33c6db6f95101826d518

SHA512
47794220bd1ba9b0fff61315b536c85ab35fef1c77bd38be6ed8078ba2251ce97aa8c4669c7b4f93123154b2930498791f0c339da55a371b0823c40ead95dac2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
f5e4b9724f9d22ae31a15be13708ad98

SHA1
4fe2ecdc96aafc631354ea871058dd88661ac0fc

SHA256
becaab0deb4ce0640396009c55346e819c4e57d7c2380b0a1b7ed64d6ababf3c

SHA512
5e31d7d512611034bb7a8a5e217fd8dd24bf88c52dd6b4a0b27529539a23588d7ce7706c3772a8bad5bfd56ce21cf612ece152543bd5f2033f0a81cbdabbc011

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
5b886561e9ea86b4180eb92892ef7ec5

SHA1
cf3b3a6840ee144bcc7461f27639094b8d805a58

SHA256
b4c89f84140740376bfdca7fed7cdf142c51ef3f00ac3359fb64c2f2435120c7

SHA512
271379231bdd6dc2a872fa51086efb6530d45d60af16f1a6c7d6d828fde168fb14c1af1423696d6b9f4eeae6e8522878d05482e8cfe0ffa5e5261721c0196423

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
083864163b10cb5f76f621ac41c844bf

SHA1
3dab85ae512427af6ab1c1b7041b64a4aba6c356

SHA256
b5f4aa14442f8a1848582914ad251bc9fc2fd4dd5333f994d8ef45e22b9e0085

SHA512
dd6dfaff79b07b186046b6eb74730fc2aa847bf6d57cc89447ce2703be9d1d1707d7debe55142cc3bb90dea4478fa46e76ad0a4a139507a441cea157b963231b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xh4b7nwe.default-release\targeting.snapshot.json

Filesize
3KB

MD5
2f1750d9d4c4a1b36e1915ec697ae2fa

SHA1
76f99e84b97ad5a503f23b7e8529f894062489c1

SHA256
da2c15b50a7aa4d11bbe7f8edcfb8492ccd7566ac78afd64e3075238334a7ad6

SHA512
b574c2c136444946849c761f49092cb54299664b6ed5108f6464a39500757e5af6490d2c15d413377e4ef58479b1618de1a469849970944b361ef9fb4a125ab2

Download Submit